How to Add Roles to Hypervisors Using API Calls
Problem
API calls are needed to automate host onboarding and add new roles to Hypervisors.
Environment
- Platform9 Managed OpenStack - v5.4 and Higher.
Procedure
The steps are listed below:
- Obtain Keystone Token:
Follow the instructions found in https://developer.openstack.org/api-ref/identity/v3/?expanded=password-authentication-with-unscoped-authorization-detail,assign-role-to-user-on-projects-owned-by-domain-detail,password-authentication-with-scoped-authorization-detail#password-authentication-with-scoped-authorization. The OpenStack CLI can also be used to obtain a Keystone token by running:
# openstack token issue- Install host installer on the host (on the host):
Download the installer from Platform9 and run it on the host. You can use the Clarity UI for it Refer to:
https://DU_FQDN/clarity/index.html#/infrastructure/addhosts
- Get the host UUID of the host (on the host)
On the host, get the UUID by running the following command:
# grep host_id /etc/pf9/host_id.conf | awk '{print $3}'•- Check that the host has phoned in
Verify that the host connected back fine to the Platform9 Management plane using the following command:
# curl -H "X-Auth-Token:<keystone token>" https://<pf9-url>/resmgr/v1/hosts/<host uuid>- Apply Neutron roles for the host (Optional)
There are multiple commands to be run if you intend to run any network service on this host. These commands set up Neutron DHCP agent, L3 agent, OVS agent (DVR mode) and Metadata service. Note that the pf9-neutron-base role is mandatory if any Neutron services are going to be run on this host. The other roles should be set up depending on whether you intend to run on this host.
# curl -X PUT -H "X-Auth-Token:<keystone token>" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-neutron-base# curl -X PUT -H "X-Auth-Token:<keystone token>" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-neutron-metadata-agent# curl -X PUT -H "X-Auth-Token:<keystone token>" -H "Content-Type: application/json" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-neutron-dhcp-agent -d '{"dnsmasq_dns_servers": "207.200.0.230,207.200.0.25", "dns_domain": "openstacklocal", "rpc_response_timeout": "240"}'# curl -X PUT -H "X-Auth-Token:<keystone token>" -H "Content-Type: application/json" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-neutron-l3-agent -d '{"agent_mode": "dvr_snat", "rpc_response_timeout": "240"}'# curl -X PUT -H "X-Auth-Token:<keystone token>" -H "Content-Type: application/json" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-neutron-ovs-agent -d '{"allow_dhcp_vms": "False", "local_ip": "10.16.35.13", "rpc_response_timeout": "240", "enable_tunneling": "True", "ovsdb_interface": "vsctl", "net_type": "vlan,vxlan", "of_interface": "ovs-ofctl", "tunnel_types": "vxlan", "enable_distributed_routing": "True", "bridge_mappings": "physnet:br-vlan"}'- Apply Cinder roles for the host(Optional)
There are multiple commands to be run if you intend to run any Cinder service on this host. These commands set up Ceph, HPE 3PAR with Cinder. Note that the pf9-cindervolume-base role is mandatory if any Cinder services are going to be run on this host. The other roles should be setup depending on which storage backend you intend to support through this host.
# curl -X PUT -H "X-Auth-Token:<keystone token>" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-cindervolume-basecurl -X PUT -H "X-Auth-Token:<keystone token>" -H "Content-Type: application/json" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-cindervolume-ceph -d '{"rbd_store_chunk_size": "4", "rbd_ceph_conf": "/etc/ceph/ceph.conf", "volume_backend_name": "ceph", "rbd_secret_uuid": "24d6317e-aaa4-48f1-9ac2-8a7f0dcd1f2a", "volume_driver": "cinder.volume.drivers.rbd.RBDDriver", "rbd_pool": ".cinder", "rbd_flatten_volume_from_snapshot": "true", "rbd_max_clone_depth": "5", "rbd_user": "cinder"}'curl -X PUT -H "X-Auth-Token:<keystone token>" -H "Content-Type: application/json" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-cindervolume-other -d '{"volume_driver": "cinder.volume.drivers.hpe.hpe_3par_iscsi.HPE3PARISCSIDriver", "volume_backend_name": "3PAR"}'- Apply Hypervisor role for the host (Optional)
If you intend to run virtual machines on this host, the following command sets up the nova-compute service on the host.
# curl -X PUT -H "X-Auth-Token:<keystone token>" -H "Content-Type: application/json" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-ostackhost-neutron -d '{"reclaim_instance_interval": "0", "find_orphaned_vms_interval": "-1", "cpu_allocation_ratio": "0.0", "instances_path": "/opt/pf9/data/instances/", "ram_allocation_ratio": "0.0", "consul_ip": "", "images_type": "default", "novncproxy_base_url": "http://10.17.3.13:6080/vnc_auto.html"}'- Apply Ceilometer role for the host(Optional)
This command setups ceilometer service on the host.
# curl -X PUT -H "X-Auth-Token:<keystone token>" -H "Content-Type: application/json" https://<pf9-url>/resmgr/v1/hosts/<host uuid>/roles/pf9-ceilometer -d '{"kvm_instance_disk_path": "/opt/pf9/data/instances/"}'- Check host role status for the host
After all the required roles are applied to the host, the status of the host can be tracked with the following command. The value of the role_status field indicates the status of the role application.
# curl -H "X-Auth-Token:<keystone token>" https://<pf9-url>/resmgr/v1/hosts/<host uuid>Definition of different roles:
| State | Description |
|---|---|
| ok | The roles were successfully applied |
| converging | Application of roles is in progress |
| retrying | Application of role may have hit a temporary error. A retry to apply the role again is in progress. |
| failed | Application of the roles have failed. |